CWE-1276 – Hardware Child Block Incorrectly Connected to Parent System
Description Signals between a hardware IP and the parent system design are incorrectly connected causing security risks. Modes of Introduction: - Implementation Related...
CWE-1277 – Firmware Not Updateable
Description The product does not provide its users with the ability to update or patch its firmware to address any vulnerabilities or weaknesses that may...
CWE-1278 – Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
Description Information stored in hardware may be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques...
CWE-1279 – Cryptographic Operations are run Before Supporting Units are Ready
Description Performing cryptographic operations without ensuring that the supporting inputs are ready to supply valid data may compromise the cryptographic result. Many cryptographic hardware units...
CWE-128 – Wrap-around Error
Description Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small,...
CWE-1280 – Access Control Check Implemented After Asset is Accessed
Description A product's hardware-based access control check occurs after the asset has been accessed. Modes of Introduction: - Implementation Related Weaknesses CWE-696 CWE-284...
CWE-1281 – Sequence of Processor Instructions Leads to Unexpected Behavior
Description Specific combinations of processor instructions lead to undesirable behavior such as locking the processor until a hard reset performed. Modes of Introduction: - Architecture...
CWE-1282 – Assumed-Immutable Data is Stored in Writable Memory
Description Immutable data, such as a first-stage bootloader, device identifiers, and "write-once" configuration settings are stored in writable memory that can be re-programmed or updated...
CWE-1283 – Mutable Attestation or Measurement Reporting Data
Description The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary. Modes of Introduction: - Architecture...
CWE-1284 – Improper Validation of Specified Quantity in Input
Description The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates...